/*
 * To change this template, choose Tools | Templates
 * and open the template in the editor.
 */
package servlet;

import tool.DBUtilities;
import java.io.IOException;
import java.io.PrintWriter;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 *
 * @author DH
 */
public class LoginServlet extends HttpServlet {

    private final String homePage = "index.jsp";
    private final String invalidPage = "invalid.jsp";

    /**
     * Processes requests for both HTTP <code>GET</code> and <code>POST</code> methods.
     * @param request servlet request
     * @param response servlet response
     * @throws ServletException if a servlet-specific error occurs
     * @throws IOException if an I/O error occurs
     */
    protected void processRequest(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html;charset=UTF-8");
        PrintWriter out = response.getWriter();
        try {
            String action = request.getParameter("action");

            if (action.equals("Login")) {
                Connection con = null;
                ResultSet rs = null;
                try {
                    con = DBUtilities.createConnection();
                    String user = request.getParameter("txtUser");
                    String pass = request.getParameter("txtPass");

                    String query = "SELECT [fullName], [roleId] FROM [User] WHERE [username] = ? and [password] = ? and [isActive] = '1'";
                    PreparedStatement ps = con.prepareStatement(query);
                    ps.setString(1, user);
                    ps.setString(2, pass);
                    rs = ps.executeQuery();
                    String url = invalidPage;
                    if (rs.next()) {
                        String roleId = rs.getString("roleId");
                        String roleQuery = "SELECT [roleName] FROM [Role] WHERE [id] = ? and [isActive] = '1'";
                        ps = con.prepareCall(roleQuery);
                        ps.setString(1, roleId);
                        ResultSet roleRs = ps.executeQuery();
                        if (roleRs.next()) {
                            String roleName = roleRs.getString("roleName");
                            if (roleName.equals("Admin")) {
                                String fullName = rs.getString("fullName");
                                HttpSession ss = request.getSession();
                                ss.setAttribute("USER", user);
                                ss.setAttribute("FULLNAME", fullName);
                                url = homePage;
                            }
                        }
                    }

                    response.sendRedirect(url);

                } catch (ClassNotFoundException ex) {
                    ex.printStackTrace();
                } catch (SQLException ex) {
                    ex.printStackTrace();
                } finally {
                    try {
                        if (con != null) {
                            con.close();
                        }
                        if (rs != null) {
                            rs.close();
                        }
                    } catch (SQLException ex) {
                        ex.printStackTrace();
                    }
                }
            } else if (action.equals("Logout")) {
                HttpSession ss = request.getSession();
                ss.setAttribute("USER", null);
                response.sendRedirect(homePage);
            }


        } finally {
            out.close();
        }
    }

    // <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on the left to edit the code.">
    /** 
     * Handles the HTTP <code>GET</code> method.
     * @param request servlet request
     * @param response servlet response
     * @throws ServletException if a servlet-specific error occurs
     * @throws IOException if an I/O error occurs
     */
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        processRequest(request, response);
    }

    /** 
     * Handles the HTTP <code>POST</code> method.
     * @param request servlet request
     * @param response servlet response
     * @throws ServletException if a servlet-specific error occurs
     * @throws IOException if an I/O error occurs
     */
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        processRequest(request, response);
    }

    /** 
     * Returns a short description of the servlet.
     * @return a String containing servlet description
     */
    public String getServletInfo() {
        return "Short description";
    }// </editor-fold>
}
